Update: 2hd.com.au appears to be clean now that the .cn server script includes are gone, and Google is no longer warning you off when you go there.
Just tried to visit 2hd.com.au and I get this in Google Chrome:
I went to netcraft.com and it appears 2hd are running Windows 2003 and IIS 6.0. A recent article on the Sydney Morning Herald site describes something similar (a site serving malware from Chinese *.cn servers) happening to JB Hi-Fi, and JB appears to be running FreeBSD and Apache 1.3.x. So OS isn't a factor in this particular hack.
The JB Hi-Fi malware problem was reported to be due to a third-party ad server being compromised and then the JB servers unwittingly serving links to the bogus ads. So I wouldn't be surprised if www.2hd.com.au has something similar happening. Of course this is an assumption.
To use a phrase from Meet the Fockers: no matter how secure your own server/s may be, you still need to make sure the servers in your "circle of trust" can be trusted also.
I remember a friend who worked for an Internet Serving company used to spend several hours a day combing through logs looking for suspicious activity. Looks like that sort of methodical inspection is required to stay ahead of potential security problems.
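One way to check the "circle of trust" on your own pages is to list every script, iframe or plugin include and flag any host that is not on an allowlist you maintain. This is an added example, not code from either site mentioned above; the hostnames, the sample page and the function names are all constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags and the attribute through which each one pulls in remote content.
INCLUDE_ATTRS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}


class IncludeCollector(HTMLParser):
    """Collect (tag, url) for every element that loads remote active content."""

    def __init__(self):
        super().__init__()
        self.includes = []

    def handle_starttag(self, tag, attrs):
        attr = INCLUDE_ATTRS.get(tag)  # HTMLParser lowercases tag and attribute names
        if attr is None:
            return
        url = dict(attrs).get(attr)
        if url:
            self.includes.append((tag, url.strip()))


def host_trusted(host, trusted):
    """True when host equals a trusted name or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in trusted)


def untrusted_includes(html, page_host, trusted):
    """Return sorted (tag, host, url) for includes served from outside the allowlist."""
    collector = IncludeCollector()
    collector.feed(html)
    allowed = {page_host.lower()} | {t.lower() for t in trusted}
    findings = set()
    for tag, url in collector.includes:
        host = urlsplit(url).hostname  # None for relative URLs (same origin)
        if host and not host_trusted(host, allowed):
            findings.add((tag, host, url))
    return sorted(findings)


# Constructed sample page; every hostname is a placeholder, not taken from the incident.
SAMPLE = """<html><head>
<script src="/js/site.js"></script>
<script src="//ads.adnetwork.example/show.js"></script>
<SCRIPT SRC="http://injected.example.cn/x.js"></SCRIPT>
</head><body><iframe src="http://cdn.injected.example.cn/f.htm" width="0"></iframe>
<script src="http://evil-adnetwork.example/a.js"></script></body></html>"""
```

Calling `untrusted_includes(SAMPLE, "www.station.example", ["adnetwork.example"])` reports the two `.cn` includes and the look-alike ad host, while the relative include and the allowlisted ad server pass. Run against a saved copy of each public page on a schedule, a new entry in the output is the cue to go and look at what changed.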